Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/7a789e87-f484-423d-a1d7-2c2d5860d2ec/0/3139352e382e34382e302f32342d3234203d3e203630343538.roa
File:                     3139352e382e34382e302f32342d3234203d3e203630343538.roa (raw, json)
Hash identifier:          0QQ/atSVhgxbxnMmZi2CZaSsjgioOzPYv64es6L7MGQ=
Subject key identifier:   61:B2:95:86:52:11:0D:C8:E7:E1:98:40:D5:07:C7:6B:3A:93:A8:C0
Certificate issuer:       /CN=b0170abdc955aa176be2af26299678f2f7c9aca0
Certificate serial:       0FA79736E9EFDAC519FB3C0BF957C5D0A3703982
Authority key identifier: B0:17:0A:BD:C9:55:AA:17:6B:E2:AF:26:29:96:78:F2:F7:C9:AC:A0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sBcKvclVqhdr4q8mKZZ48vfJrKA.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/7a789e87-f484-423d-a1d7-2c2d5860d2ec/0/3139352e382e34382e302f32342d3234203d3e203630343538.roa
Signing time:             Mon 05 May 2025 06:54:06 +0000
ROA not before:           Mon 05 May 2025 06:49:06 +0000
ROA not after:            Mon 04 May 2026 06:54:06 +0000
asID:                     60458
IP address blocks:        195.8.48.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/7a789e87-f484-423d-a1d7-2c2d5860d2ec/0/B0170ABDC955AA176BE2AF26299678F2F7C9ACA0.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/7a789e87-f484-423d-a1d7-2c2d5860d2ec/0/B0170ABDC955AA176BE2AF26299678F2F7C9ACA0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sBcKvclVqhdr4q8mKZZ48vfJrKA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 11 May 2025 04:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0f:a7:97:36:e9:ef:da:c5:19:fb:3c:0b:f9:57:c5:d0:a3:70:39:82
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b0170abdc955aa176be2af26299678f2f7c9aca0
        Validity
            Not Before: May  5 06:49:06 2025 GMT
            Not After : May  4 06:54:06 2026 GMT
        Subject: CN=61B2958652110DC8E7E19840D507C76B3A93A8C0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:b9:ef:4e:41:18:72:cc:0f:fc:d4:9d:8f:db:
                    a0:a2:72:16:53:30:e8:f2:b1:db:fa:99:f9:dd:a5:
                    4b:44:48:0d:f9:57:f2:6e:24:1e:09:cb:1f:c2:d6:
                    e8:ab:53:c1:be:24:9e:79:fd:ad:f1:76:2c:8a:d3:
                    61:82:4a:18:a5:26:2e:4b:1c:9e:a7:59:e7:94:1d:
                    e0:ed:49:8b:f7:39:6b:a3:78:01:d5:e4:47:80:b1:
                    a4:1b:bf:b8:30:c4:d1:62:37:d1:ae:3e:7e:77:21:
                    52:74:0a:f2:84:0d:7d:76:32:e1:69:23:e0:6e:d3:
                    29:c9:66:33:b3:af:fc:0d:65:e7:7a:af:72:48:04:
                    81:92:ee:61:6b:1d:af:f6:84:ac:2e:4f:b4:57:69:
                    63:35:81:79:37:0e:f7:0d:c0:b2:a5:a1:1f:57:99:
                    86:80:de:04:8c:42:e2:97:66:06:c3:66:8b:d7:9b:
                    97:1a:6c:b0:b0:2d:68:4e:97:df:0e:3d:78:f0:3f:
                    d5:4e:bd:42:e2:d3:3b:d0:af:c5:ce:ee:38:ef:e8:
                    a0:a5:01:0b:5b:5d:85:bc:49:f5:c1:20:75:59:bf:
                    57:4a:93:ee:a4:fe:01:b7:18:e8:42:0b:79:87:ee:
                    ba:40:1f:ab:dc:b2:46:85:c5:e3:f6:1d:d4:40:d7:
                    4a:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                61:B2:95:86:52:11:0D:C8:E7:E1:98:40:D5:07:C7:6B:3A:93:A8:C0
            X509v3 Authority Key Identifier:
                keyid:B0:17:0A:BD:C9:55:AA:17:6B:E2:AF:26:29:96:78:F2:F7:C9:AC:A0

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/7a789e87-f484-423d-a1d7-2c2d5860d2ec/0/B0170ABDC955AA176BE2AF26299678F2F7C9ACA0.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sBcKvclVqhdr4q8mKZZ48vfJrKA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/7a789e87-f484-423d-a1d7-2c2d5860d2ec/0/3139352e382e34382e302f32342d3234203d3e203630343538.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.8.48.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6b:79:e2:18:7f:e0:e8:55:7a:bb:cd:8a:cb:e3:db:cc:27:b1:
         86:3a:e6:0a:61:d4:ee:3d:92:76:24:a8:24:28:cd:8b:e9:9d:
         34:b4:9d:c4:1b:33:39:bf:92:0c:10:91:b4:9c:bf:bc:cd:7d:
         49:7f:03:8d:c1:0a:53:5d:71:33:4f:dc:d6:01:74:b0:da:1e:
         0d:ba:4d:c4:d6:b4:02:0b:75:45:91:fb:9b:5b:0c:87:08:22:
         f8:78:b3:ba:73:12:f4:29:dd:be:b4:e6:6a:4e:62:7a:be:6d:
         81:85:9e:4f:8f:4f:89:f5:38:11:08:72:b6:a7:44:0f:5d:7f:
         18:6b:ef:b0:4a:27:c0:44:b4:75:fe:74:d9:2d:a5:93:01:20:
         0f:bd:1a:10:f3:b5:42:05:a7:a6:ba:26:06:44:37:02:bd:a8:
         93:2c:ab:a0:30:07:e3:d5:68:36:46:0c:15:60:a7:d5:94:a2:
         5f:18:d7:28:d9:fd:b5:6e:20:97:ba:22:b4:db:db:f0:4c:73:
         e5:ea:e8:28:e9:7f:21:7a:71:a8:ef:55:ab:d2:ae:86:ee:66:
         61:85:e0:28:a7:a1:b2:bc:50:a0:f0:14:7c:56:c7:14:6a:8f:
         4a:5c:af:1b:cf:4f:d5:71:c4:f1:d1:fc:d3:ff:7f:25:68:80:
         85:73:ae:33
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUD6eXNunv2sUZ+zwL+VfF0KNwOYIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYjAxNzBhYmRjOTU1YWExNzZiZTJhZjI2Mjk5Njc4ZjJm
N2M5YWNhMDAeFw0yNTA1MDUwNjQ5MDZaFw0yNjA1MDQwNjU0MDZaMDMxMTAvBgNV
BAMTKDYxQjI5NTg2NTIxMTBEQzhFN0UxOTg0MEQ1MDdDNzZCM0E5M0E4QzAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC8ue9OQRhyzA/81J2P26CichZT
MOjysdv6mfndpUtESA35V/JuJB4Jyx/C1uirU8G+JJ55/a3xdiyK02GCShilJi5L
HJ6nWeeUHeDtSYv3OWujeAHV5EeAsaQbv7gwxNFiN9GuPn53IVJ0CvKEDX12MuFp
I+Bu0ynJZjOzr/wNZed6r3JIBIGS7mFrHa/2hKwuT7RXaWM1gXk3DvcNwLKloR9X
mYaA3gSMQuKXZgbDZovXm5cabLCwLWhOl98OPXjwP9VOvULi0zvQr8XO7jjv6KCl
AQtbXYW8SfXBIHVZv1dKk+6k/gG3GOhCC3mH7rpAH6vcskaFxeP2HdRA10p1AgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUYbKVhlIRDcjn4ZhA1QfHazqTqMAwHwYDVR0j
BBgwFoAUsBcKvclVqhdr4q8mKZZ48vfJrKAwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvN2E3ODllODctZjQ4NC00MjNkLWExZDctMmMyZDU4NjBk
MmVjLzAvQjAxNzBBQkRDOTU1QUExNzZCRTJBRjI2Mjk5Njc4RjJGN0M5QUNBMC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3NCY0t2Y2xWcWhkcjRxOG1LWlo0OHZm
SnJLQS5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvN2E3ODllODct
ZjQ4NC00MjNkLWExZDctMmMyZDU4NjBkMmVjLzAvMzEzOTM1MmUzODJlMzQzODJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDM2MzAzNDM1Mzgucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBADDCDAw
DQYJKoZIhvcNAQELBQADggEBAGt54hh/4OhVervNisvj28wnsYY65gph1O49knYk
qCQozYvpnTS0ncQbMzm/kgwQkbScv7zNfUl/A43BClNdcTNP3NYBdLDaHg26TcTW
tAILdUWR+5tbDIcIIvh4s7pzEvQp3b605mpOYnq+bYGFnk+PT4n1OBEIcranRA9d
fxhr77BKJ8BEtHX+dNktpZMBIA+9GhDztUIFp6a6JgZENwK9qJMsq6AwB+PVaDZG
DBVgp9WUol8Y1yjZ/bVuIJe6IrTb2/BMc+Xq6CjpfyF6cajvVavSrobuZmGF4Cin
obK8UKDwFHxWxxRqj0pcrxvPT9VxxPHR/NP/fyVogIVzrjM=
-----END CERTIFICATE-----